<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Manage Password</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<link href="./EldercareMasterPage/_finalstyle.css" rel="stylesheet" />
	<link href="./css/bootstrap.min.css" rel="stylesheet" media="screen">
    <link href="./css/bootstrap-datetimepicker.min.css" rel="stylesheet" media="screen">

</head>
<?php
	define('CONFIG_FILE',true);
	include './config.php';
	define('DB_FILE',true);
	
	session_start();
	if (empty($_SESSION["username"])||empty($_SESSION["userType"])) {
		Header("Location: ./Index.php");
		exit();
	}else{
		$userType = $_SESSION["userType"];
	}
	
	// set timeout period in seconds
	$inactive = 7200;
	// check to see if $_SESSION['timeout'] is set
	if (isset($_SESSION["timeout"])) {
		$session_life = time() - $_SESSION["timeout"];
		if ($session_life > $inactive) {
			session_destroy();
			Header("Location: ./Timeout.php");
		}
	}
	$_SESSION["timeout"] = time();
?>
<body>
    <div class="banner">
	</div>
	<div id="main">
		<div class="left-wrapper">
			<div class="logo">
				<img src="images/eldercare.gif" alt="logo" width="240px" />
			</div>
			<div class="menu-wrapper">
				<div id='cssmenu' >    
						<?php
							if ($userType == "Therapy Assistant") {
								include_once('./Sidebar/_SidebarTA.php');
							} else if ($userType == "Centre Manager") {
								include_once('./Sidebar/_SidebarCM.php');
							} else {
								include_once('./Sidebar/_SidebarSA.php');
							}
						?>
				</div>
				<div class="clear"></div>
			</div>
		</div>
		<div id="content">
			<div class="content2">
				<b style="float:right; margin: 0px 0 0 0">  
				<?php
					if (!empty($_SESSION["centreName"])) {
						$Username = $_SESSION["username"];
						$centreName = $_SESSION["centreName"];
						echo "Welcome, " . $Username . " ! " . $centreName . " Branch";
					} else {
						$Username = $_SESSION["username"];
						echo "Welcome, " . $Username;
					}
				?>
				<input type="submit" class="btn btn-danger" value="Logout" onclick="parent.location = 'logout.php'">
			</b>
			</p>
			<br>
				<div style="float:center">
				<br>
				<form method='post' id="changePwdForm">
					<h4><b>Old password:</b></h4>
					<input type="password" name="oldPassword" id="oldPassword" size="20" maxlength="40"//>
					<h4><b>New password:</b></h4>
					<input type="password" name="newPassword" id="newPassword" size="20" maxlength="40"//>
					<h4><b>Confirm password:</b></h4>
					<input type="password" name="cfmPassword" id="cfmPassword" size="20" maxlength="40"//>
					<p>
					<p><input type="submit" name="btnSubmit" class="btn" value="Change Password" id="btnSubmit" onClick=""></p>
				</form>
				<?php
					require_once './Tool/DB/SqlDBManager.class.php';
					require_once './Tool/Common/PasswordHash.php';
					if (isset($_POST['btnSubmit'])) {
						$empty = "Please Enter..";
						if ((!empty($_POST['oldPassword']) && !empty($_POST['newPassword']) && !empty($_POST['cfmPassword']) ) && ( $_POST['oldPassword'] != $empty && $_POST['newPassword'] != $empty && $_POST['cfmPassword'] != $empty)) {
							$oldPassword = $_POST['oldPassword'];
							$newPassword = $_POST['newPassword'];
							$cfmPassword = $_POST['cfmPassword'];
							$username = $_SESSION['username'];
							
							$sqlDBManager = new SqlDBManager();

							$sql = "select Password from user WHERE Username =?";
							$parameters=array($username);

							$res=$sqlDBManager->queryRow($sql,$parameters);

							if(!empty($res)){
								$res=validate_password($oldPassword,$res['Password']);
								if($res===TRUE){
									if ($newPassword == $cfmPassword) {
										if ($oldPassword != $newPassword) {
											//Validate password
									    	if(strlen( $newPassword)<8){
									    		echo"<font color=red>Your password must be at least 8 characters long.Your password must be at least 8 characters long and contain upper and lowercase letters, a number without white space.</font>";
									    		exit();
									    	}
										    // Check for username match
										    if ($newPassword == $username) {
										   		echo"<font color=red>Your password must not match your username.Your password must be at least 8 characters long and contain upper and lowercase letters, a number without white space.</font>";	 	
										    	exit();
										    }
										    // Check for containing username
										    if(strpos($newPassword, $username)!==false ) {
										        echo"<font color=red>Your password must not contain your username.Your password must be at least 8 characters long and contain upper and lowercase letters, a number without white space.</font>";	
										   		exit();
										    }
										    // Check for lowercase
										    if(!preg_match('/[a-z]/', $newPassword)){
										        echo"<font color=red>Your password must contain at least 1 lowercase letter.Your password must be at least 8 characters long and contain upper and lowercase letters, a number without white space.</font>";	
										    	exit();
										    }
										    // Check for uppercase
										    if(!preg_match('/[A-Z]/', $newPassword )){
										    	echo"<font color=red>Your password must contain at least 1 uppercase letter.Your password must be at least 8 characters long and contain upper and lowercase letters, a number without white space.</font>";	
										    	exit();
										    }
										    // Check for numbers
										    if(!preg_match( '/[0-9]/', $newPassword )){
										        echo"<font color=red>Your password must contain at least 1 number.Your password must be at least 8 characters long and contain upper and lowercase letters, a number without white space.</font>";	
										    	exit();
										    }
										    // Check for whitespace
										    if(preg_match( '/[\s]/', $newPassword )){
										        echo"<font color=red>Your password must not contain any white space.Your password must be at least 8 characters long and contain upper and lowercase letters, a number without white space.</font>";	
										    	exit();
										    }
											$newHashedPassword = create_hash($newPassword);
											$sql = "update user set Password=?where Username=?";
											$parameters=array($newHashedPassword,$username);
											$res=$sqlDBManager->execute_dml($sql,$parameters);
											if($res>0){
												echo"<font color=red> Your password has changed successfully.</font>";	
											}
											else{
												echo"<font color=red> Update password failed due to database error.</font>";	
											}
										} else {
											echo "<font color=red>Old Password and New Password cannot be the same.</font>";
											exit();
										}
									} else {
										echo "<font color=red>Passwords do not match.</font>";
										exit();
									}
								}else {
									echo "<font color=red>Old Password is incorrect! Please enter again.</font>";
									exit();
								}
							} 
							//close connection
							$sqlDBManager->close_connect();
						} else {
							echo"<font color=red> Please fill up all the information.</font>";
							exit();
						}
					}
				?>
			</div><br>
			<div class="clear">
			</div>
		</div>
    </div>
	</div>
</body> 
<div id="footer"><font color='white'>&copy; 2013 MP22 IIT-IT Temasek Polytechnic</font></div></div>
<!-- validation -->
<script src="./validation/jquery.min.js" type="text/javascript"></script>
<script src="./validation/jquery.form-validator.min.js" type="text/javascript"></script>
<script>
	$.validate({
	    form: '#changePwdForm',
	    validateOnBlur: false, // disable validation when input looses focus
	    errorMessagePosition: 'top', // Instead of 'element' which is default
	    scrollToTopOnError: false, // Set this property to true if you have a long form
	});
</script>
</html>
